Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/EpE7tz4_CLusj9Z5N6jfs4Tw-cM.roa
File:                     EpE7tz4_CLusj9Z5N6jfs4Tw-cM.roa (raw, json)
Hash identifier:          r+I3KylWARjM7F4bFwZxX37k0NwKumKPPB9IUaxb3kc=
Subject key identifier:   12:91:3B:B7:3E:3F:08:BB:AC:8F:D6:79:37:A8:DF:B3:84:F0:F9:C3
Certificate issuer:       /CN=cd143690230a440a68b7a8aa98279f2f65dfee28
Certificate serial:       018CC64A85308B44FA42C71CCA0B42C0EBF8
Authority key identifier: CD:14:36:90:23:0A:44:0A:68:B7:A8:AA:98:27:9F:2F:65:DF:EE:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRQ2kCMKRApot6iqmCefL2Xf7ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/EpE7tz4_CLusj9Z5N6jfs4Tw-cM.roa
Signing time:             Mon 01 Jan 2024 18:30:21 +0000
ROA not before:           Mon 01 Jan 2024 18:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        2001:678:d4c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/zRQ2kCMKRApot6iqmCefL2Xf7ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/zRQ2kCMKRApot6iqmCefL2Xf7ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRQ2kCMKRApot6iqmCefL2Xf7ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:85:30:8b:44:fa:42:c7:1c:ca:0b:42:c0:eb:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd143690230a440a68b7a8aa98279f2f65dfee28
        Validity
            Not Before: Jan  1 18:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12913bb73e3f08bbac8fd67937a8dfb384f0f9c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:80:c7:b6:c6:a0:d6:50:9c:b6:c0:f0:31:41:
                    89:8e:54:8d:0d:fa:a8:6b:a4:f3:0b:35:e2:a1:7e:
                    0b:23:1c:21:98:97:54:d3:2a:d9:9f:70:6a:fe:00:
                    d6:fc:67:77:3b:dd:d0:3e:e7:fa:b8:26:bd:90:87:
                    8b:9f:06:96:3c:b1:c0:26:a3:00:6b:71:08:42:61:
                    87:2f:66:aa:61:be:51:8a:a4:06:d0:1c:76:c3:fc:
                    cf:ec:62:d6:d6:68:34:16:aa:10:fb:df:dd:2c:1b:
                    ae:62:98:42:76:83:fc:79:1c:a5:f1:f5:b8:f8:0a:
                    75:e7:76:ea:5d:f9:c6:21:64:91:81:d2:01:67:c1:
                    aa:6c:95:b2:b9:1c:f2:f0:a1:0c:b1:73:bb:2a:e0:
                    26:7f:f8:e1:ce:9f:fe:b0:7e:16:1d:0d:f0:ba:12:
                    18:81:8e:8c:7a:3a:be:76:d7:04:5a:3e:17:c8:2c:
                    64:6a:b9:f1:bc:eb:17:ad:97:7b:f4:ca:e1:7d:3a:
                    bf:c3:ac:60:15:27:6d:80:f1:b3:4c:33:32:3b:57:
                    9d:f9:1d:f4:10:b1:0a:89:ad:09:42:45:93:db:fe:
                    20:75:51:b0:59:9d:2a:c6:24:ba:fa:ef:30:ee:35:
                    71:24:74:5f:8a:ce:3a:c7:55:be:15:d2:1a:a5:f6:
                    be:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:91:3B:B7:3E:3F:08:BB:AC:8F:D6:79:37:A8:DF:B3:84:F0:F9:C3
            X509v3 Authority Key Identifier:
                keyid:CD:14:36:90:23:0A:44:0A:68:B7:A8:AA:98:27:9F:2F:65:DF:EE:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRQ2kCMKRApot6iqmCefL2Xf7ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/EpE7tz4_CLusj9Z5N6jfs4Tw-cM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/09456e-a71c-43b3-bd40-8ee3d98cad5b/1/zRQ2kCMKRApot6iqmCefL2Xf7ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:53:cb:7f:62:fc:38:fd:ed:6e:05:4e:4c:e7:19:bb:a2:43:
         00:4a:fc:95:92:24:1e:50:b3:32:32:20:f3:52:c4:db:d9:3c:
         32:1a:b1:61:0e:53:b2:aa:6f:e3:ab:61:ec:97:1c:1d:42:16:
         87:a7:30:36:89:6f:22:84:93:cf:24:f0:fe:f6:99:c9:b9:b6:
         89:7c:f0:9f:f6:d3:5f:94:e5:52:bc:f7:ec:f2:39:4c:f1:22:
         ee:f9:76:cb:50:ad:5b:ea:43:79:bf:d5:72:90:28:81:e6:fa:
         05:9a:83:b7:e4:f1:4b:61:2b:75:09:64:46:6a:a4:4a:38:5e:
         2f:36:19:d7:80:cc:ed:ab:ad:ea:c5:e9:ec:dc:90:e0:f4:5d:
         fd:dc:61:53:72:9e:37:3d:a9:a9:6c:ef:fe:c6:1a:5e:4d:44:
         38:06:3e:af:b5:8f:ce:8c:cf:47:c0:30:e8:bc:39:16:ac:cf:
         04:a5:23:d6:2f:6b:18:28:f1:9c:ea:94:0a:8c:10:3b:19:5e:
         d2:d9:53:96:fb:3f:27:6d:b0:4d:4d:7b:fe:18:24:d4:4f:4b:
         4d:de:2b:f8:24:21:03:a1:9c:d8:71:65:4f:35:7e:00:98:5e:
         b4:73:d8:92:d0:7d:2a:62:f0:4b:a3:5f:a6:48:cf:c5:3f:4d:
         ea:ac:1f:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSoUwi0T6QsccygtCwOv4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTQzNjkwMjMwYTQ0MGE2OGI3YThhYTk4Mjc5ZjJmNjVk
ZmVlMjgwHhcNMjQwMTAxMTgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkxM2JiNzNlM2YwOGJiYWM4ZmQ2NzkzN2E4ZGZiMzg0ZjBmOWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYDHtsag1lCctsDwMUGJjlSNDfqo
a6TzCzXioX4LIxwhmJdU0yrZn3Bq/gDW/Gd3O93QPuf6uCa9kIeLnwaWPLHAJqMA
a3EIQmGHL2aqYb5RiqQG0Bx2w/zP7GLW1mg0FqoQ+9/dLBuuYphCdoP8eRyl8fW4
+Ap153bqXfnGIWSRgdIBZ8GqbJWyuRzy8KEMsXO7KuAmf/jhzp/+sH4WHQ3wuhIY
gY6Mejq+dtcEWj4XyCxkarnxvOsXrZd79MrhfTq/w6xgFSdtgPGzTDMyO1ed+R30
ELEKia0JQkWT2/4gdVGwWZ0qxiS6+u8w7jVxJHRfis46x1W+FdIapfa++QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBKRO7c+Pwi7rI/WeTeo37OE8PnDMB8GA1UdIwQY
MBaAFM0UNpAjCkQKaLeoqpgnny9l3+4oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJRMmtDTUtSQXBvdDZpcW1DZWZMMlhmN2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8wOTQ1NmUtYTcxYy00M2IzLWJkNDAt
OGVlM2Q5OGNhZDViLzEvRXBFN3R6NF9DTHVzajlaNU42amZzNFR3LWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8wOTQ1NmUtYTcxYy00M2IzLWJkNDAtOGVlM2Q5OGNhZDVi
LzEvelJRMmtDTUtSQXBvdDZpcW1DZWZMMlhmN2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA1M
MA0GCSqGSIb3DQEBCwUAA4IBAQB+U8t/Yvw4/e1uBU5M5xm7okMASvyVkiQeULMy
MiDzUsTb2TwyGrFhDlOyqm/jq2HslxwdQhaHpzA2iW8ihJPPJPD+9pnJubaJfPCf
9tNflOVSvPfs8jlM8SLu+XbLUK1b6kN5v9VykCiB5voFmoO35PFLYSt1CWRGaqRK
OF4vNhnXgMztq63qxens3JDg9F393GFTcp43PampbO/+xhpeTUQ4Bj6vtY/OjM9H
wDDovDkWrM8EpSPWL2sYKPGc6pQKjBA7GV7S2VOW+z8nbbBNTXv+GCTUT0tN3iv4
JCEDoZzYcWVPNX4AmF60c9iS0H0qYvBLo1+mSM/FP03qrB99
-----END CERTIFICATE-----